Memory leak in AST parsing (OSS-Fuzz #60074) #106057

Closed
guidovranken opened this issue Jun 24, 2023 · 7 comments

guidovranken commented Jun 24, 2023

Bug report

Reported by OSS-Fuzz (issue 60074).

Build cpython with:

CC=clang CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --prefix=<prefix>
ASAN_OPTIONS=detect_leaks=0 make -j$(nproc)
ASAN_OPTIONS=detect_leaks=0 make install

(Setting ASAN_OPTIONS=detect_leaks=0 during build is necessary because memory leaks occur in the build phase itself, see #104791).

Then run the following reproducer:

import ast
ast.unparse(ast.parse(bytes([
  0x77, 0x69, 0x74, 0x68, 0x28, 0x29, 0x3a, 0x0a, 0x09, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x2b, 0x2b, 0x2b, 0x2b, 0x2b, 0x66, 0x27,
  0x7b, 0x22, 0x02, 0x22, 0x7d, 0x65, 0x27, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e, 0x7e,
  0x7e, 0x7e, 0x2d, 0x76, 0x66, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
  0x2d, 0x69])))

AddressSanitizer stack trace:

==178428==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 87170 byte(s) in 64 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11

Direct leak of 29192 byte(s) in 30 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #21 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #22 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Direct leak of 28216 byte(s) in 39 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x55938540cc09 in run_eval_code_obj /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1727:9
    #21 0x55938540cc09 in run_mod /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1748:19

Direct leak of 8720 byte(s) in 8 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #7 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #8 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #9 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #10 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #11 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #12 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #13 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #14 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #15 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #16 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #17 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #18 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #19 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #20 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Direct leak of 2888 byte(s) in 4 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #7 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #8 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #9 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #10 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #11 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #12 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #13 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #14 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #15 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #16 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #17 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #18 0x55938540cc09 in run_eval_code_obj /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1727:9
    #19 0x55938540cc09 in run_mod /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1748:19

Direct leak of 2816 byte(s) in 1 object(s) allocated from:
    #0 0x559384eecfc6 in __interceptor_realloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3fc6) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x55938509d353 in list_resize /home/jhg/oss-fuzz-60074/cpython/Objects/listobject.c:82:30
    #2 0x55938509d353 in list_extend /home/jhg/oss-fuzz-60074/cpython/Objects/listobject.c:892:18

Direct leak of 2048 byte(s) in 1 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x559385132dcf in set_add_key /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:354:12
    #4 0x559385132dcf in set_update_internal /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:913:13
    #5 0x55938513c0ff in make_new_set /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:967:13
    #6 0x55938513c0ff in make_new_frozenset /home/jhg/oss-fuzz-60074/cpython/Objects/setobject.c:999:12
    #7 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #8 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #9 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #10 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #11 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #12 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Indirect leak of 300119 byte(s) in 316 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11

Indirect leak of 9623 byte(s) in 8 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x559385151d0f in type_call /home/jhg/oss-fuzz-60074/cpython/Objects/typeobject.c:1663:11

Indirect leak of 6357 byte(s) in 6 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e0131 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1413:25
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #21 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #22 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Indirect leak of 2195 byte(s) in 2 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e0131 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1413:25
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #7 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #8 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #9 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #10 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #11 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #12 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #13 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #14 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #15 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #16 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #17 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #18 0x5593852cccf3 in builtin_exec_impl /home/jhg/oss-fuzz-60074/cpython/Python/bltinmodule.c:1079:17
    #19 0x5593852cccf3 in builtin_exec /home/jhg/oss-fuzz-60074/cpython/Python/clinic/bltinmodule.c.h:583:20
    #20 0x559385110c96 in cfunction_vectorcall_FASTCALL_KEYWORDS /home/jhg/oss-fuzz-60074/cpython/Objects/methodobject.c:438:24

Indirect leak of 1103 byte(s) in 2 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e0131 in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1413:25
    #4 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #5 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #6 0x5593853df60c in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1220:18
    #7 0x5593853e007e in r_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1389:22
    #8 0x5593853d95cd in read_object /home/jhg/oss-fuzz-60074/cpython/Python/marshal.c:1515:9
    #9 0x5593852ec552 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:3012:19
    #10 0x559385038307 in _PyObject_VectorcallTstate /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x559385038307 in object_vacall /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:824:14
    #12 0x559385037c3a in PyObject_CallMethodObjArgs /home/jhg/oss-fuzz-60074/cpython/Objects/call.c:885:24
    #13 0x5593853aa0a3 in import_find_and_load /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2767:11
    #14 0x5593853aa0a3 in PyImport_ImportModuleLevelObject /home/jhg/oss-fuzz-60074/cpython/Python/import.c:2847:15
    #15 0x5593852d6e32 in import_name /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:2458:15
    #16 0x5593852d6e32 in _PyEval_EvalFrameDefault /home/jhg/oss-fuzz-60074/cpython/Python/bytecodes.c:2132:19
    #17 0x5593852d2a65 in _PyEval_EvalFrame /home/jhg/oss-fuzz-60074/cpython/./Include/internal/pycore_ceval.h:88:16
    #18 0x5593852d2a65 in _PyEval_Vector /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:1683:12
    #19 0x5593852d2a65 in PyEval_EvalCode /home/jhg/oss-fuzz-60074/cpython/Python/ceval.c:579:21
    #20 0x55938540cc09 in run_eval_code_obj /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1727:9
    #21 0x55938540cc09 in run_mod /home/jhg/oss-fuzz-60074/cpython/Python/pythonrun.c:1748:19

Indirect leak of 690 byte(s) in 1 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (/home/jhg/oss-fuzz-60074/cpython-install/bin/python3.13+0x2e3b9e) (BuildId: ea5a593a9a755c28cb82600d1aa85c16131c0c4f)
    #1 0x559385123406 in PyMem_RawMalloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc /home/jhg/oss-fuzz-60074/cpython/Objects/obmalloc.c:1569:11
    #3 0x559385170810 in tp_new_wrapper /home/jhg/oss-fuzz-60074/cpython/Objects/typeobject.c:8325:11

SUMMARY: AddressSanitizer: 481137 byte(s) leaked in 482 allocation(s).

Bug was introduced in 04492cb @markshannon

Your environment

Linux x64, latest cpython main branch checkout.

guidovranken added the type-bug (An unexpected behavior, bug, or error) label Jun 24, 2023
arhadthedev added the performance (Performance or resource usage), interpreter-core (Objects, Python, Grammar, and Parser dirs), and 3.13 (bugs and security fixes) labels Jun 24, 2023
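A triage helper for a LeakSanitizer report like the one in the issue above, added here as an example (it is not part of the issue or of CPython's tooling): it groups leaked bytes by the first stack frame outside the allocator and checks the per-record totals against the SUMMARY line. The sample report is constructed by abridging records from this issue, with its own SUMMARY line; the names `parse_report`, `group_by_origin` and `summary_matches` are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: four records abridged from the report in this issue
# (paths shortened, build ids dropped, SUMMARY recomputed for these records).
SAMPLE_REPORT = """\
==178428==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 87170 byte(s) in 64 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (python3.13+0x2e3b9e)
    #1 0x559385123406 in PyMem_RawMalloc cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc cpython/Objects/obmalloc.c:1569:11

Direct leak of 29192 byte(s) in 30 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (python3.13+0x2e3b9e)
    #1 0x559385123406 in PyMem_RawMalloc cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e03b3 in r_object cpython/Python/marshal.c:1449:29
    #4 0x5593853df60c in r_object cpython/Python/marshal.c:1220:18

Direct leak of 2816 byte(s) in 1 object(s) allocated from:
    #0 0x559384eecfc6 in __interceptor_realloc (python3.13+0x2e3fc6)
    #1 0x55938509d353 in list_resize cpython/Objects/listobject.c:82:30
    #2 0x55938509d353 in list_extend cpython/Objects/listobject.c:892:18

Indirect leak of 6357 byte(s) in 6 object(s) allocated from:
    #0 0x559384eecb9e in __interceptor_malloc (python3.13+0x2e3b9e)
    #1 0x559385123406 in PyMem_RawMalloc cpython/Objects/obmalloc.c:662:12
    #2 0x559385123406 in _PyObject_Malloc cpython/Objects/obmalloc.c:1569:11
    #3 0x5593853e0131 in r_object cpython/Python/marshal.c:1413:25

SUMMARY: AddressSanitizer: 125535 byte(s) leaked in 101 allocation(s).
"""

HEADER = re.compile(
    r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\) allocated from:")
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY = re.compile(
    r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")


def parse_report(text):
    """Return (records, summary); summary is (bytes, allocations) or None."""
    records, summary, current = [], None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = {"kind": m[1], "bytes": int(m[2]),
                       "objects": int(m[3]), "frames": []}
            records.append(current)
        elif current is not None and (m := FRAME.match(line)):
            current["frames"].append((m[1], m[2]))
        elif m := SUMMARY.match(line):
            summary = (int(m[1]), int(m[2]))
        elif not line.strip():
            current = None  # a blank line ends the current record
    return records, summary


def origin(frames):
    """First frame that is neither a sanitizer interceptor nor obmalloc.c."""
    for func, loc in frames:
        if func.startswith("__interceptor_") or re.search(r"(^|/)obmalloc\.c:", loc):
            continue
        return f"{func} ({loc.rsplit('/', 1)[-1].split(':', 1)[0]})"
    return "<allocator frames only>"  # stack was cut off inside the allocator


def group_by_origin(records):
    """Sum bytes and objects per origin, largest leak first."""
    totals = defaultdict(lambda: [0, 0])
    for rec in records:
        entry = totals[origin(rec["frames"])]
        entry[0] += rec["bytes"]
        entry[1] += rec["objects"]
    return sorted(((k, b, n) for k, (b, n) in totals.items()), key=lambda t: -t[1])


def summary_matches(records, summary):
    """True when the records add up to the SUMMARY line (no record was lost)."""
    return summary == (sum(r["bytes"] for r in records),
                       sum(r["objects"] for r in records))


if __name__ == "__main__":
    recs, summ = parse_report(SAMPLE_REPORT)
    for name, nbytes, nobjs in group_by_origin(recs):
        print(f"{nbytes:>8} bytes  {nobjs:>4} objects  {name}")
    print("summary consistent:", summary_matches(recs, summ))
```

Records whose stack ends inside the allocator, like the first one in the issue's report, land in the `<allocator frames only>` bucket.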
@pablogsal (Member)

This doesn't seem to happen on the parser nor the tokenizer, so I am unassigning us from the issue. OSS-Fuzz detected that the bug was introduced in 04492cb, so I am adding @markshannon to the issue.

@markshannon (Member)

If this is related to 04492cb why is the unparse/parse of bytes needed, or is that just as far as the fuzzer can simplify?

@markshannon (Member)

Is there a way to see the original issue without a Google sign in?

@guidovranken (Author)

> If this is related to 04492cb why is the unparse/parse of bytes needed, or is that just as far as the fuzzer can simplify?

The fuzzer that found this bug is this, hence the reproducer is structured the same way.

> Is there a way to see the original issue without a Google sign in?

I'm afraid not, though it doesn't really contain any more information.

@markshannon (Member)

That's helpful, thanks.

markshannon (Member) commented Jun 26, 2023

Produces a different failure in debug build. Probably the same thing though: not handling recursion errors properly.

@markshannon (Member)

Fixed by #106108
